Skip to main content

PowerProtect Data Domain CVE-2026-26354

| EUVDEUVD-2026-25050 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-22 dell GHSA-h5cf-xw55-j4wj
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Re-analysis Queued
Apr 27, 2026 - 17:22 vuln.today
cvss_changed
Patch released
Apr 27, 2026 - 17:09 nvd
Patch available
Analysis Generated
Apr 23, 2026 - 06:55 vuln.today
Patch available
Apr 22, 2026 - 20:32 EUVD
EUVD ID Assigned
Apr 22, 2026 - 18:31 euvd
EUVD-2026-25050
Analysis Generated
Apr 22, 2026 - 18:31 vuln.today
CVE Published
Apr 22, 2026 - 18:11 nvd
HIGH 8.1

DescriptionCVE.org

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

AnalysisAI

Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).

Technical ContextAI

This vulnerability affects Dell PowerProtect Data Domain appliances running DD OS (Domain Operating System), an enterprise-class data protection platform for backup and recovery. The flaw is a CWE-121 stack-based buffer overflow, a memory corruption issue where unbounded input overwrites adjacent stack memory including return addresses and local variables. Unlike heap overflows, stack-based overflows can directly control program execution flow by overwriting return pointers. The vulnerability exists in a network-accessible service component that processes remote input without proper bounds checking. CPE identifier cpe:2.3:a:dell:powerprotect_data_domain indicates the software-level DD OS component across multiple hardware platforms. Dell maintains three parallel release tracks (Feature, LTS2025, LTS2024), all of which contain vulnerable code paths, suggesting the flaw exists in shared network protocol parsing or API handling code introduced in 7.7.1.0 timeframe.

RemediationAI

Apply Dell-provided patches immediately for internet-exposed appliances, within 30 days for internal deployments per DSA-2026-060. Feature Release track: upgrade to DD OS 8.6.1.10 or 8.7.0.0 or later. LTS2025 track: upgrade to 8.3.1.20 or 8.3.1.30 (specific version depends on current baseline per EUVD data). LTS2024 track: apply 7.13.1.60 or later (note: EUVD references 2.7.9 variant for specific configurations-consult advisory for deployment-specific guidance). Download patches from Dell Support portal linked in DSA-2026-060. If immediate patching is infeasible, implement compensating controls: restrict network access to DD management interfaces using firewall rules allowing only trusted backup infrastructure IPs (blocks remote unauthenticated exploitation but limits operational flexibility for remote management); deploy intrusion detection signatures for anomalous DD protocol traffic patterns (provides detection but not prevention); enable detailed audit logging for forensic visibility (post-compromise detection only). Each mitigation reduces attack surface but patching remains the only complete remediation. Backup configurations before upgrade and validate replication health post-patch per Dell change control procedures.

More in Dell

View all
CVE-2012-2962 MEDIUM POC
6.5 Jul 30

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2

CVE-2014-8420 CRITICAL POC
9.0 Nov 25

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before

CVE-2012-3951 HIGH POC
7.5 Jul 31

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor

CVE-2014-4977 MEDIUM POC
6.5 Jul 16

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute

CVE-2026-22769 CRITICAL
10.0 Feb 17

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) t

CVE-2014-125113 CRITICAL POC
9.3 Aug 05

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance vers

CVE-2012-2626 MEDIUM POC
5.0 Jul 31

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir

CVE-2014-8272 MEDIUM POC
5.0 Dec 19

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57

CVE-2017-10955 HIGH
8.8 Oct 19

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection

CVE-2012-2627 CRITICAL POC
9.4 Jul 31

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at

CVE-2021-21551 HIGH POC
7.8 May 04

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile

CVE-2025-36604 HIGH POC
7.3 Aug 04

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('

Share

CVE-2026-26354 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy